radump more tshark-like?
elof2 at sentor.se
Tue Jul 2 08:24:02 EDT 2013
Hi Carter!
I see in the manual for radump that it is tcpdump-like.
Would it be lots of work to make it more tshark-like instead?
tcpdump is not parsing Microsoft networking very well (ports 135, 137-139,
445). Tshark on the other hand usually manages to show what I'm interested
in, i.e. the machine name, domain, login name, etc.
It is mainly the Microsoft protocols I need decoded, but naturally other
common protocols that can reveal the identity behind an IP address would
be interesting.
In my last email I was asking for a function to decode the NetBIOS
half-ASCII.
It would also be nice if data like this:
......H.&.\.\.E.U.R.S.T.H.L.M.D.C.0.1.\.I.P.C.$.....
was decoded into strings:
......H.&.\\EURSTHLMDC01\IPC$.....
/Elof
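The two decodings asked for above (NetBIOS first-level "half-ASCII" names, and the dotted UTF-16LE text that a tcpdump-style ASCII dump shows as `\.\.E.U.R...`) are simple enough to do in a few lines. The following is an added example, not code from argus or radump: it implements the RFC 1001/1002 first-level encoding rule (each byte split into two nibbles, each nibble added to 'A'), and pulls UTF-16LE runs out of a byte blob the way an analyst would when reading an SMB tree-connect path. The `SAMPLE` bytes and the `EURSTHLMDC01` name are constructed for the demo; the 32-character encoded name in `main` is the "FRED" example form of the RFC encoding.

```python
import re

# --- NetBIOS first-level ("half-ASCII") encoding, RFC 1001/1002 ---

def netbios_decode(encoded: str) -> tuple[str, int]:
    """Reverse first-level encoding: each pair of 'A'..'P' chars is one byte.

    Returns (name without trailing space padding, 16th byte = suffix/service type).
    """
    if len(encoded) != 32:
        raise ValueError("first-level encoded NetBIOS name must be 32 chars")
    raw = bytearray()
    for hi, lo in zip(encoded[0::2], encoded[1::2]):
        h, l = ord(hi) - 0x41, ord(lo) - 0x41
        if not (0 <= h <= 15 and 0 <= l <= 15):
            raise ValueError("invalid half-ASCII nibble: %r%r" % (hi, lo))
        raw.append((h << 4) | l)
    name = bytes(raw[:15]).decode("latin-1").rstrip(" ")
    suffix = raw[15]
    return name, suffix


def netbios_encode(name: str, suffix: int) -> str:
    """Forward encoding, used here for a round-trip check of the decoder."""
    raw = name.encode("latin-1").ljust(15, b" ") + bytes([suffix])
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0xF)) for b in raw)


# --- UTF-16LE strings inside raw packet bytes (SMB paths, names, etc.) ---

def ascii_dump(data: bytes) -> str:
    """tcpdump/radump-style ASCII column: printable byte as itself, else '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


def extract_utf16le_strings(data: bytes, min_chars: int = 4) -> list[str]:
    """Return every run of >= min_chars printable UTF-16LE characters in data.

    A run is a sequence of (printable ASCII byte, 0x00) pairs, which is exactly
    what shows up as 'E.U.R.S...' in an ASCII dump.
    """
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_chars)
    return [m.group().decode("utf-16-le") for m in pattern.finditer(data)]


# Constructed sample: a fake SMB fragment with a UTF-16LE tree-connect path
# followed by its NUL terminator and a plain-ASCII service field.
SAMPLE = (
    b"\xffSMB"                                       # SMB header magic
    + "\\\\EURSTHLMDC01\\IPC$".encode("utf-16-le")   # path as UTF-16LE
    + b"\x00\x00"                                    # UTF-16 NUL terminator
    + b"IPC\x00"                                     # service type, ASCII
)


if __name__ == "__main__":
    # "FRED" padded with spaces, suffix 0x20 (server service), in first-level form
    print(netbios_decode("EGFCEFEECACACACACACACACACACACACA"))
    print(ascii_dump(SAMPLE))              # the dotted form seen in dumps
    print(extract_utf16le_strings(SAMPLE))  # the decoded path
```

Run as a script it prints the decoded NetBIOS name and suffix, the dotted dump line, and the recovered `\\EURSTHLMDC01\IPC$` path. The regex extractor is deliberately simple: it keys on printable-then-NUL byte pairs, so it will also catch unrelated little-endian 16-bit fields that happen to hold printable values (for example a 0x0048 word right before the path, which is why a dump can show `H.&.` glued to it); a real decoder would parse the SMB fields instead of scanning.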